See http://www.cert.org/ which recommends a complete clean. The reason for
this, I believe, is not because of Nimda, but because of one of the
vulnerabilities which it exploits - i.e. the "backdoor" left by code-red and
others. If you have had such a "backdoor" for even a short time, someone can
remotely "mess around" with your system. If they do this quietly, you may
never know. Such ad-hoc "messing around" is unlikely to be detected by any
cleaner - thus, a re-format and re-install from CDROM is the ONLY safe way.
Incidentally, Microsloth has a tool for cleaning code-red backdoors. I still
recommend a re-format etc.
John
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
